Security News > 2022 > July > JPMorgan, UBS among trio accused of shoddy ID theft protection

The SEC on Wednesday announced it charged the investment management firms with deficiencies in their identity theft prevention systems.

The SEC said its investigators found that, between January 2017 and October 2019, the three firms' identity theft prevention programs did not include "Reasonable policies and procedures" to, among other things, detect red flags indicating likely identity theft, and then prevent and mitigate this risk.

Specific to JPMorgan, the watchdog claimed [PDF] the financial giant failed to "Exercise appropriate and effective oversight of all service provider arrangements," and that it didn't train staff on how to implement its identity theft prevention program.

UBS also didn't provide sufficient training for its employees and failed to review customer accounts to see if its identity theft prevention program should apply to them, according to the SEC [PDF].

The regulator said both UBS and TradeStation [PDF] failed to involve their boards of directors in the development and administration of their identity theft prevention programs.

"Today's actions are reminders that broker-dealers and investment advisers must design and operate identity theft prevention programs that are appropriately tailored to their businesses and update them in response to the increased threat and changing nature of identity theft," Carolyn Welshhans, acting chief of the SEC enforcement division's crypto-assets and cyber unit, said in a canned statement.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/07/28/jpmorgan_sec_fine/